How Data is Secured in the Cloud

Cloud computing has long since established itself an integral part of day-to-day digital life; from checking your emails to purchasing online, the security of web-based data in the cloud is old hat for industry techies. However, the recent rollout of the Chromebook and iCloud has introduced the concept of brand cloud computing to the mainstream, and with it, interest in cloud security has risen.

The importance of cloud security (particularly for use in businesses) is of course nothing new. Indeed, it has become one of the fastest growing and evolving sub-domains of information security and as such, can be a difficult concept to comprehensively define. However, the specific security concerns themselves can be sorted into three general categories, as defined by Chenxi Wang in her excellent piece for Forrester:

• Security and privacy – e.g. data protection, operational integrity, privacy management.
• Compliance – e.g. physical location of data centres, logs and audit trail handling.
• Legal and contractual issues – e.g. liability and intellectual property issues

The first point is the most important of all, and for this reason, there are certain key areas in which cloud computing providers focus to ensure the security of data. In a general sense, for data to be considered protected it must be properly segregated against alternate accounts on the cloud; it must be securely stored when not used and, essentially, have the ability to be securely transferred in-between locations. As such, cloud providers’ security systems focus primarily on preventing unauthorised third party access to data in storage or transfer, as well as preventing data leaks of any kind.

As part of this focus on authorized access, cloud computing companies aim to integrate their identity management systems into client infrastructures. This can take the form of a bespoke system, but as with any customized project, can often prove costly. Systems could also utilise federation (creating multiple providers or networks communicable and uniform) or SSO (single sign-on) technology to help integrate systems more easily.

Similarly, the applications available via cloud computing must be considered. Developers need to be made aware of the threats implicit in cloud computing: Firewalls will be put in place at the application-level and any application code that is outsourced or packaged must be kept secure. This is done by implementing testing and the ensuring adherence to accepted procedures.

It’s easy to forget that the physical side of cloud computing is an essential area of data security. All machines that the cloud-system is reliant on must be kept secure. Any access to these machines will be both restricted and documented. Such documentations and logs will then, in of themselves, be subject to security measures to ensure that they are secure. Any logs and audit trails must be maintained as long as required by the user or client. Most importantly, in the case of security breaches, hacking and data-theft, these logs are essential for the following forensic investigation.

Thanks to Workbooks who is  leading supplier of CRM software for contributing to this article.

The following two tabs change content below.

Paul

Digital Poet at BurnWorld Inc.

I am the Team Leader here at BurnWorld. I am an audio/video enthusiast and have been in this industry for over 10 years. I love testing DVD/Blu-Ray and Video software.


Free PC Matic Scan


Tags:

There are no comments yet, add one below.

Leave a reply

Your email address will not be published. Required fields are marked *

*

*